Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Dann Corbit <dcorbit@connx.com>
From: "Dann Corbit" <DCorbit@connx.com>
To: "Neil Conway" <neilc@samurai.com>
Cc: "Mark Pritchard" <mark@tangent.net.au>, "Justin Clift" <justin@postgresql.org>, "Tom Lane" <tgl@sss.pgh.pa.us>, "Christopher Kings-Lynne" <chriskl@familyhealth.com.au>, <pgsql-hackers@postgresql.org>
Date: 2002-08-20T05:49:05Z
Lists: pgsql-hackers
> -----Original Message----- > From: Neil Conway [mailto:neilc@samurai.com] > Sent: Monday, August 19, 2002 10:42 PM > To: Dann Corbit > Cc: Neil Conway; Mark Pritchard; Justin Clift; Tom Lane; > Christopher Kings-Lynne; pgsql-hackers@postgresql.org > Subject: Re: [HACKERS] @(#) Mordred Labs advisory 0x0001: > Buffer overflow in > > > "Dann Corbit" <DCorbit@connx.com> writes: > > If you *know* of a buffer overrun, and simply decide not to fix it, > > that sounds very negligent to me. > > *sigh*, no one is doing that, and it is pure negligence on > your part for replying to a thread that you clearly have not read. I read (in some other message) that this buffer overrun problem has been known for a very, very long time. To simply decide not to fix it means: "It's on the todo list" For generation after generation after generation. It does not mean that "Someday, we hope to fix this." What I am saying is that there is nothing that could possibly be more important than fixing this, except some other known problem that could also cause billions of dollars worth of damage. Are there any such problems besides the buffer overrun problems?